<?php
/*
 * Created on Apr 1, 2006
 */
 
require_once('sql_connection.php');
require_once('functions/sql.php');
 
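/**
 * Profile and credential queries against the User table.
 *
 * Every value interpolated into a query string is passed through
 * mysql_input() immediately before use. mysql_input() and
 * get_single_result() are defined outside this file (functions/sql.php is
 * required above); this class assumes mysql_input() returns a value that is
 * safe inside a single-quoted SQL literal -- TODO confirm against that helper.
 *
 * NOTE(review): the mysql_* extension offers no bound parameters; moving to
 * prepared statements (PDO or mysqli) would remove the dependence on manual
 * escaping altogether.
 */
class Sql_profile extends sql_connection {

    /**
     * Initialises the connection through the parent constructor, passing "User".
     */
    function __construct() {
        parent::__construct("User");
    }

    /**
     * Stops the request after a failed query.
     *
     * The driver's error text is written to the server error log only. It is
     * not echoed to the client because it can expose table and column names
     * and fragments of the failing statement.
     *
     * @param string $context Short description of the operation that failed.
     */
    private function query_failed($context) {
        error_log($context . ": " . mysql_error());
        die ($context . ".");
    }

    /**
     * Fetches the public profile fields for one user.
     *
     * @param string $user Handle to look up (raw, unescaped).
     * @return array|false Row with name, contact, other and tripcode, or
     *                     whatever mysql_fetch_assoc() yields when no row matches.
     */
    function get_profile($user) {
        $user = mysql_input($user);

        $query = "SELECT name, contact, other, tripcode
            FROM User
            WHERE handle = '$user'";

        $result = mysql_query($query);
        if (!$result)
            $this->query_failed("Could not run query");

        return mysql_fetch_assoc($result);
    }

    /**
     * Checks whether a handle is already present in the User table.
     *
     * @param string $handle Raw, unescaped handle.
     * @return mixed Result of get_single_result(); callers test it for truthiness.
     */
    private function user_exists($handle) {
        // The handle comes from the caller unmodified, so it is escaped here
        // before it reaches the query string.
        $handle = mysql_input($handle);
        $query = "SELECT handle FROM User WHERE handle = '$handle'";
        return get_single_result($query);
    }

    /**
     * Inserts a new user row unless the handle is already taken.
     *
     * NOTE(review): $password is stored exactly as supplied; this method does
     * not hash it. Confirm that every caller passes an already-hashed value.
     *
     * @param string $handle   Raw handle for the new account.
     * @param string $password Password value to store.
     * @param string $ip       Client address to store.
     * @return bool False if the handle exists, true after a successful insert.
     */
    public function create_user($handle, $password, $ip) {
        // user_exists() escapes its own argument, so it gets the raw handle;
        // escaping twice would look up a different string.
        if ($this->user_exists($handle))
            return false;

        $handle = mysql_input($handle);
        $password = mysql_input($password);
        $ip = mysql_input($ip);
        $query = "INSERT INTO User(handle, password, ip) 
                VALUES ('$handle', '$password', '$ip')";

        $result = mysql_query($query);
        if (!$result)
            $this->query_failed("Create user query error");

        return true;
    }

    /**
     * Changes a user's password after verifying the current one.
     *
     * match_password() is not defined in this class; presumably it is
     * inherited from sql_connection -- TODO confirm.
     *
     * @param string $handle        Raw handle of the account.
     * @param string $oldpass       Current password as typed by the user.
     * @param string $newpass       New password.
     * @param string $newpass_again Confirmation of the new password.
     * @return bool True once the row is updated; false if the confirmation
     *              differs or the current password is rejected.
     */
    function update_password($handle, $oldpass, $newpass, $newpass_again) {

        // Strict string comparison: with != two different numeric-looking
        // strings such as "1e3" and "1000" compare as equal.
        if ((string) $newpass !== (string) $newpass_again) {
            return false;
        }

        if (!$this->match_password($handle, $oldpass)) {
            return false;
        }

        // NOTE(review): crypt() is called without a salt argument, so the
        // hash algorithm is whatever the PHP build defaults to, and PHP 8
        // requires the argument. Switching to password_hash() needs
        // match_password() and create_user()'s callers changed together.
        $hash = mysql_input(crypt($newpass));

        // The WHERE clause previously used an undefined $user variable, so
        // the update never targeted the requested account.
        $safe_handle = mysql_input($handle);
        $query = "UPDATE User SET password = '$hash'
                    WHERE handle = '$safe_handle'";

        if (!mysql_query($query))
            $this->query_failed("Failed to update password");

        return true;
    }

    /**
     * Returns the stored password value for a user.
     *
     * @param string $user Raw handle.
     * @return mixed First column of the matching row, or null when
     *               get_single_result() returns nothing usable.
     */
    public function get_password($user) {
        $user = mysql_input($user);
        $query = "SELECT password FROM User WHERE handle = '$user'";
        $res = get_single_result($query);
        return $res ? $res[0] : null;
    }

    /**
     * Updates the profile fields and, when all three password fields are
     * filled in, the password as well.
     *
     * The profile UPDATE runs first, so a false return (confirmation mismatch
     * or wrong current password) can still mean the profile fields were saved.
     *
     * @param string $handle Raw handle of the account being edited.
     * @param array  $post   Submitted form fields: name, contact, other,
     *                       tripcode, and optionally passwd, new_pass,
     *                       new_passwd_again.
     * @return bool True on success, or the result of update_password() when a
     *              password change was requested.
     */
    function update_profile($handle, $post) {
        // The second parameter used to be named $_POST, which PHP 5.4+ rejects
        // at compile time; array keys are now quoted strings, not barewords.
        $fields = array();
        foreach (array('name', 'contact', 'other', 'tripcode') as $key) {
            // Missing or non-string (array) submissions are stored as ''.
            $raw = (isset($post[$key]) && is_string($post[$key])) ? $post[$key] : '';

            // SQL escaping is applied last so no later transformation can
            // alter the escaped value.
            // NOTE(review): HTML-encoding at write time stores encoded text;
            // encoding at output is the more robust place for it.
            $fields[$key] = mysql_input(htmlspecialchars($raw));
        }

        $query = sprintf("UPDATE User SET 
                        name = '%s',
                        contact = '%s',
                        other = '%s',
                        tripcode = '%s'
                    WHERE handle = '%s'",
                        $fields['name'],
                        $fields['contact'],
                        $fields['other'],
                        $fields['tripcode'],
                        mysql_input($handle));

        $result = mysql_query($query);
        if (!$result)
            $this->query_failed("Could not update profile");

        if (!empty($post['passwd']) && !empty($post['new_pass']) && !empty($post['new_passwd_again'])) {
            // All three password fields supplied: attempt the change.
            return $this->update_password(
                $handle,
                $post['passwd'],
                $post['new_pass'],
                $post['new_passwd_again']);
        }

        return true;
    }
}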



?>
